Hackers Exploit DMG Files to Target macOS Users with Infostealers

Cybercriminals are increasingly targeting macOS users by distributing infostealer malware through weaponized DMG files, trading on the misconception that Apple devices are immune to such threats. The lure is usually a fake software installer that looks legitimate enough that users run it, and follow its on-screen instructions, without suspicion.

According to a report by Huntress, shared with Cyber Security News, over 65% of newly reported macOS malware in 2025 was classified as infostealer activity. These programs exist to steal credentials, browser cookies, authentication tokens, and cryptocurrency wallet data. Notably, they operate in a single pass: the data is collected and sent to a remote server in one run, and no persistence mechanism is installed. For defenders that matters, because there is no launch agent or login item to find afterwards; the evidence is the initial execution and the outbound connection, not an autorun entry.

The infection process typically begins when users land on poisoned search results or piracy forums that point them to a malicious DMG. Unlike a .pkg, which is run through the macOS Installer and has its signature checked there, a DMG is only a container: macOS does not stop a quarantined disk image from mounting, so the first Gatekeeper prompt the user sees is for whatever they are told to run from inside it. When opened, the image mounts as a volume and presents a Finder window styled to look like a normal installer. The instructions for getting past Gatekeeper are commonly rendered into that window's background image rather than written as text, so inspecting the image's file contents alone does not reveal them.

Infostealer families such as AMOS, Poseidon, Odyssey, and MacSync have been observed using these tactics. Some variants go further and put the bypass instruction in the filename itself, naming the payload “Drag to Terminal” so that the victim executes the script from a shell, where the app-launch checks do not apply. Others are distributed as “cracked” software on piracy sites, which conditions users to treat security warnings as expected and click through them.
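The checks a practitioner would want to run on a downloaded DMG before anyone double-clicks it, as an added example that is not part of the article or the Huntress report: mount the image read-only with the Finder window suppressed, flag the custom background folder and any lure filenames, and show the quarantine flag and Gatekeeper verdict for each executable. The lure-name patterns are assumptions based on the names quoted above, not an indicator list from the report; hdiutil, xattr, spctl and codesign are macOS tools, and the filename heuristics run anywhere.

```shell
#!/bin/sh
# dmg_triage.sh: static triage of a downloaded DMG without opening its Finder window.
# Added example, not code from the article or from Huntress. Assumes macOS for the
# mount and Gatekeeper steps; the name heuristics are portable.

# Filenames that coach the victim into running content through Terminal, or that
# signal "cracked" software. Patterns are assumptions, extend them as needed.
suspicious_name() {
  lower=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  case "$lower" in
    *"drag to terminal"*|*"drop to terminal"*|*"open with terminal"*|*"run in terminal"*|*crack*)
      return 0 ;;
  esac
  return 1
}

# Walk an already-mounted volume (or any directory) and print findings.
triage_mounted() {
  mp=$1
  # The Finder window background is where bypass instructions usually live.
  if [ -d "$mp/.background" ]; then
    echo "[!] custom Finder background present: $mp/.background (look at the image for bypass instructions)"
  fi
  find "$mp" -mindepth 1 -maxdepth 2 \( -type f -o -type l \) 2>/dev/null |
  while IFS= read -r f; do
    name=$(basename "$f")
    if suspicious_name "$name"; then
      echo "[!] lure filename: $f"
    fi
    ft=$(file -b "$f" 2>/dev/null || true)
    case "$ft" in
      *"shell script"*|*"Mach-O"*)
        # No quarantine flag on a freshly downloaded payload is itself odd.
        q=$(xattr -p com.apple.quarantine "$f" 2>/dev/null || echo "none")
        verdict=$(spctl --assess --type execute "$f" 2>&1 || true)
        echo "[*] executable: $f quarantine=$q gatekeeper=${verdict:-accepted}"
        ;;
    esac
  done
}

# Attach the image read-only, hidden from Finder, with autoopen disabled, so the
# styled installer window never appears; then triage and detach.
triage_dmg() {
  dmg=$1
  command -v hdiutil >/dev/null 2>&1 || { echo "hdiutil not found (macOS only)"; return 2; }
  mp=$(mktemp -d /tmp/dmgtriage.XXXXXX)
  if ! hdiutil attach -readonly -nobrowse -noautoopen -noverify -mountpoint "$mp" "$dmg" >/dev/null; then
    echo "attach failed for $dmg"
    rmdir "$mp"
    return 1
  fi
  triage_mounted "$mp"
  hdiutil detach "$mp" -quiet
  rmdir "$mp"
}

# Usage: sh dmg_triage.sh ~/Downloads/Installer.dmg
if [ $# -gt 0 ]; then
  triage_dmg "$1"
fi
```

Any executable reported with `quarantine=none` on a file that was just downloaded, or a `gatekeeper=` line that says rejected, is the payload the background image is trying to talk the user past; a DMG whose only executable is a shell script named like an instruction should not be run at all.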

To mitigate these threats, macOS users should be cautious with software from unverified sources, treat any installer that tells them to open Terminal, drag a file into it, or otherwise get past a Gatekeeper warning as the attack itself rather than a quirk, and keep their systems and security tooling up to date. Relying on the perceived security of macOS is no longer sufficient; a warning that the installer asks you to ignore is the one that matters.

Source: Cyber Security News